Dancing with the SARs - an Investigator's Guide to Suspicious Activity Reports

The era of Suspicious Activity Reports (SARs) in the United States began with the Annunzio-Wylie Anti-Money Laundering Act of 1992, which required regulated financial institutions to report transactions that they suspected might involve illicit funds or purposes. The USA Patriot Act of 2001 upped the ante to include securities broker/dealers. Then in 2006 the Bank Secrecy Act (BSA) was amended to require insurance companies to begin filing SARs. Currently, there is much talk about dealers in precious metals being next in line. At the moment they are not required to file SARs, although they are encouraged to do so if they have suspicions about a customer or a transaction.

Yes SAR No SAR
You may ask yourself every time you complete a SAR, "Why am I doing this?" "Who reads this and what happens to it next?" Let's follow that route and see where it takes us.

Assuming a financial institution has decided to complete a SAR within 30 days of first observing the suspicious activity, it will be sending this form (either electronically or via conventional mail) to the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN). FinCEN stores all the SARs and various other reportable forms. It further breaks down, categorizes and analyzes SARs based on the various check boxes that the reporter filled in. FinCEN looks for various trends and patterns based upon the information that is provided. FinCEN publishes a downloadable file, for public consumption, several times a year called the SAR Activity Review. This report details the statistics and results of its findings. This is just a small part of FinCEN's duties and responsibilities, which entail protecting the financial system via administration of the BSA. For this article we are concerned only with the path of the SAR.

FinCEN makes SARs available to certain federal, state and local law enforcement agencies. Just as the confidentiality of the SAR is mandated at the financial institution level, so it is at the law enforcement level. There, officials are allowed to discuss the SARs with each other only under certain circumstances. Those would be for the purposes of investigating money laundering, terrorist financing or other crimes. Once a SAR is in law enforcement's hands it is considered a confidential document and is not to be disclosed to the subject listed on the SAR or to another financial institution.

Hidden Value of SARs

Even if a SAR isn't useful at the moment, it could still come in handy later:

1) Perhaps law enforcement is investigating the subject based upon a SAR from another institution you aren't aware of. While your SAR might not have originally been a top selection for investigation, it might help indicate a pattern or furnish additional information about the subject.

2) Trends and patterns might be observed based on the type of crime or geography.

3) A name, business or address in the narrative section might relate to another SAR or investigation.

In various geographical areas, law enforcement agencies gather together to discuss SARs that relate to their particular concerns. This is normally referred to as a SAR review meeting. Such meetings are held periodically and are usually attended by representatives of law enforcement agencies at the federal, state and local levels and by federal and state prosecutors and regulators. Since approximately one million SARs are completed each year, the need for a vetting and filtering process is paramount.

Each jurisdiction has its own methods of review. I will describe the process followed at the El Dorado Intelligence Center of New York's High-Risk Money Laundering and Related Financial Crimes Areas (HIFCA.).

Start Spreading the News...
Currently in New York, over 4,000 BSA-related SARs are downloaded each month. No advanced technology, million-dollar systems or sophisticated SAR software is used at this level. The reason for this is that while there is uniformity in the reporting methods for pages 1 and 2 -- which is basically fill in the boxes -- the narrative section is quite different. Most of you have never seen a SAR written by an institution other than your own, but I have reviewed SARs from hundreds of different institutions. Each narrative is constructed differently, and none follows a uniform pattern. It would therefore be difficult to simply process through a rules-based software system. Each SAR needs to be read and reviewed by human eyes. Those eyes must have a comprehensive understanding of money laundering, the latest trends and patterns, law enforcement methods and prosecutorial guidelines. There is little black and white in the narrative ï¿½ gray is the color of the day. Each SAR must be filtered through those human eyes with an initial assessment as to whether that SAR has the potential to become a case or actionable intelligence. Is the SAR an obviously defensive filing? Does the reader agree the activity is suspicious? Does the narrative have a usual or unusual pattern that may have been seen before? Is the SAR similar to other SARs from different institutions? For the reviewer, the narrative section is completely subjective, and case development will be based upon the reader's knowledge, skill, understanding and experience in AML and law enforcement.

SAR narrative writing guidelines

A fundamentally good SAR narrative should contain the following:

The basic W's: Who, What, When, Where and Why (although the why might not be clear).

If the basis of the SAR is money coming in, elaborate on how it goes out. The same goes for outgoing funds: Tell how they got in the account in the first place.

Don't incorporate a spreadsheet. Because of limitations in the current system it will not transfer well to a word processing format.

If you are listing numerous transactions, dates, locations and other numbers, I suggest you summarize. Nothing will cause the reviewer's eyes to glaze over faster than pages of numbers. If I want further specifics on the dates and times I will contact you.

For example: Mr. X made 27 deposits, each under $10,000, on separate days between April 1 and May 15, 2007.

Do not submit attachments.

Notate why you are suspicious about the events you describe.

Be short but informative. No need to rewrite War and Peace. Conversely, one or two sentences are not quite enough.

FinCEN has published a detailed report on constructing a SAR, available on the agency's website.

Desktop bounty hunting
The initial reading of the SAR is only the first bite at the apple. If the SAR passes through this review, it goes to the next level, where due diligence is performed. The subject of the SAR is checked for other financial reports (i.e. other SARs, CTRs, FBARs, 8300s, CMIRs). The subject is checked for foreign travel and criminal history. Then the SAR is reviewed again. If it still appears to have potential, then High-Risk Money Laundering and Related Financial Crimes Areas (HIFCA) will perform additional or enhanced due diligence. Those checks consist of a complete array of database checks, some that are open source, others that are law enforcement only. I call this process of investigation by computer, desktop bounty hunting.

HIFCA may contact the author of the SAR and request the SAR supporting documents. Additionally, a subpoena for the records may be sought, and 314A requests completed. The SAR is reviewed again and a determination made regarding its value as actionable intelligence. A written report of all findings and results is completed.

The final phase of the process is the SAR review meeting, described above. At this point an individual law enforcement or regulatory agency may adopt the case.

From there, the SAR and all of HIFCA's related work would be transferred to that adopting agency. The adopting agency would then decide to complete the
investigation by opening a thorough field investigation, which might include surveillance, wire taps, interviews, further subpoenas, forensic accounting and good old-fashioned detective work. The desired end result would be an arrest, prosecution and perhaps asset seizure and forfeiture.

SAR Supporting Documents

Title 31 of the Code of Federal Regulations (31CFR103.18 Availability of Information)

Institutions filing SARs are directed to maintain all "supporting documentation" related to the activity being reported. Disclosure of supporting documentation related to the activity that is being reported on a SAR does not require a subpoena, court order or other judicial or administrative process. Under the SAR regulations, financial institutions are required to disclose supporting documentation to appropriate law enforcement agencies, or FinCEN, upon request.

Real SARS to Jail Bars

Unusual money movements led to a phone sex scam run by organized crime that charged callers for "free samples." Callers were instructed to give their credit card numbers for "verification purposes." Monthly charges would then begin to appear on their credit card bills. Plus, the callers' phone numbers were captured by computer, and each was charged various fees in a tactic called "cramming." Overall, callers were bilked out of over $400 million. Indictments were issued for 10 people. Federal prosecutors have filed forfeiture suits seeking $230 million.

Structured deposits paved the way to a drug trafficker who was stopped by police and found to have $430,000 in cash in his car. Search warrants were issued for his various residences. In a hidden compartment in one of his vehicles was $300,000 and seven kilos of cocaine. The subject was indicted for distribution of cocaine, weapons possession, structuring and mail fraud.

Good due diligence procedures started the ball rolling on the investigation of a university student who scammed millions in a non-existent hedge fund scheme. The fraudster posed as an heir to a wealthy family and counterfeited checks and brokered deals. He attempted to cash a counterfeit $25 million check and controlled a hedge fund that raised over $7.4 million from investors. He was sentenced to 3 Â½ years in prison.

Unusual checking activity led to a limousine company that had no limos, but was still successful at taking customers for a ride. A Manhattan escort service would provide clients with "services rendered," which would subsequently be billed to their credit cards as a limousine service. The owner was arrested and some $4.2 million was seized.

In conclusion
The SARS that financial institutions complete are read. Contrary to popular belief, we do not make paper airplanes out of them and fly them out the window. Not only does the New York HIFCA read SARs but, as mentioned earlier, numerous law enforcement and regulatory bodies have access to SARs and make good use of them. I cannot stress enough the importance of the information that is provided through a thoroughly completed SAR that includes a quality narrative.

Some law enforcement agencies have been reviewing SARs for years, while others are new to the game. Many are just beginning to realize the wonderful investigative tool that SARS and other financial reports can be. Financial institutions, regulators and law enforcement all have a similar goal, and that is to keep the bad guys from abusing the financial system. Cooperation, understanding and solidarity among all can give us an edge on the bad guys.

Kevin Sullivan, CAMS, is an Investigator with the New York State Police, and the state coordinator at the New York HIFCA El Dorado Task Force. Additionally, he operates the consultancy www.amltrainer.com

About the Author

Former Investigator, New York State Police; President, AML Training Academy & Advisory

Kevin retired as an Investigator from the NY State Police after 22 years in law enforcement. Kevin was the state money laundering investigations coordinator assigned to the NY HIFCA El Dorado Task Force in Manhattan specializing in money laundering, organized crime and terrorist financing.

Kevin was responsible for case reverse engineering, SAR analysis and review, and special projects consisting of developing intelligence on the new money laundering methods, trends and patterns. He was also was one of the lead instructors for Operation Cornerstone, which assisted financial institutions with their AML and BSA compliance programs.

Kevin possesses a Masters in Economic Crime Management, a MMBA, and is Six Sigma compliant, is a Certified Anti Money Laundering Specialist, the Chairman of the Association of Certified Anti Money Laundering Specialists Education Task Force and former chapter co-chair and and founding member of the NYC chapter of ACAMS.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.